Legal
Privacy Policy
Last updated: June 28, 2026
1. Who We Are
TAKE INTEREST Inc. ("TAKE INTEREST," "we," "our," or "us") operates the products and services described below. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including the Take Interest workspace, GuardClaw security platform, the Pantry Kitchen Journal iOS app, Felt Weather, Askwell, and our website at takeinterest.ai (collectively, the "Services").
Each of our consumer apps has its own privacy details, set out in Section 2 below. Where an app's section describes a practice that differs from the general company sections in this policy, the app's section governs for that app.
2. Product-Specific Privacy
This section covers the privacy practices of our individual apps. The company-wide sections that follow (collection, third parties, rights, CCPA, GDPR, retention, and contact) apply to all of our Services in addition to what each app section describes.
Askwell
Askwell is a question-coaching app made by TAKE INTEREST Inc. You type a rough question, Askwell finds the missing signal and hands back a sharper one, and it keeps a receipt of the change. This section covers the Askwell iPhone app.
Sign-in is required: Askwell asks you to sign in with Apple or Google before you use it. Sign-in runs through Firebase Authentication, a Google service we use as our authentication provider. When you sign in, your account gets a name, an email address, and a user id. We use these only to run your account, they are linked to your identity, and they are not used to track you.
On your device: your question text, the scores Askwell computes, and the receipts you save are created and stored on your device. A receipt is the proof note Askwell keeps after you sharpen a question: the before and after, the score, the signals, and a next-rep prompt.
Analytics is off by default: Askwell can record anonymous usage analytics through Firebase Analytics (Product Interaction) to help us improve the app. It is off by default and turns on only if you enable it in Settings. When it is on, it records how the app is used, such as which screens you open, and never your question text. It is linked to your identity and is not used to track you.
Account deletion and sign-out: you can sign out any time. You can delete your account from Settings, which removes the account record and clears the local data on your device.
No tracking: Askwell has no advertising identifier, runs no ad network, and does no cross-app or cross-site tracking. The app's privacy manifest declares tracking off. Because Askwell collects the account fields above and the opt-in analytics, its App Store privacy label reads Data Is Collected.
Askwell signs you in with Apple or Google so your saved questions stay tied to your account. Sign-in gives your account a name, an email, and a user id, used only to run your account and not to track you. Your question text, scores, and saved receipts are created and stored on your device. Anonymous usage analytics through Firebase is off by default and turns on only if you choose it in Settings. You can sign out or delete your account any time. The App Store privacy label reads Data Is Collected for the account fields and the opt-in analytics, with tracking off.
Felt Weather
Felt Weather is made by TAKE INTEREST Inc. This section covers the Felt Weather apps on iPhone, Apple Watch, and Mac and their companion surfaces.
Sign-in is required: signing in with Apple or Google is required to use Felt. Sign-in runs through Firebase Authentication, so the app holds your email, your name, and an account identifier. These are used only to sign you in and keep you signed in. Felt does not build a profile of you, and your weather and calendar are never stored on our side.
On your device: your weather, your calendar, your current location, and the suggestions Felt makes stay on your device. Widgets, Live Activity, and Apple Watch receive only a redacted day summary needed to display the feature. Apple Watch never signs in on its own.
Cross-device sync (Felt Weather 1.4 and later): starting with version 1.4, signing in keeps your saved work in step across your own devices. Felt stores one synced record for your account in Google's Cloud Firestore, holding your saved places (labels and map coordinates), route favorites, the route you are drafting, your future plans with their notes and reminder bookkeeping, and app preferences such as units, comfort settings, activity order, and motion settings. A security rule restricts that record to your signed-in account, so only you can read or write it. Your calendar events, live weather, current location, and location history are never part of the synced record. On versions before 1.4, nothing syncs and everything you save stays on the device.
Location: location powers the live forecast and the city label. It is off until you enable it. When it is on, your device uses your location to look up local weather and name the place you are in. We never store your location and it is not sent to any server we operate. You can turn it off any time in Settings on your device.
Calendar: calendar access lets Felt line your day up with the forecast. Reads happen locally on your device. Any change Felt makes to your calendar happens only when you confirm it. Calendar access is off until you tap Connect Calendar, and you can revoke it any time in Settings on your device.
Weather, maps, and routes: to show you the forecast, Felt sends your coordinates to Apple's WeatherKit, which returns the weather. When you search for a place or ask for a route, Felt sends that query to Apple Maps through MapKit. Apple processes both under Apple's privacy policy, and we do not keep a copy. If you tap a Google Maps or Waze handoff, the route opens in the app or site you chose, and that handoff is user-initiated. Aurora forecasts come from NOAA's Space Weather Prediction Center and close-approach data from NASA's Jet Propulsion Laboratory, which are read-only feeds that receive no personal data.
Analytics and tracking: Felt does not use third-party analytics SDKs or advertising trackers today, and the app's privacy manifest declares tracking off. If a future version adds usage analytics, we will update this policy and the App Store privacy label before that version ships and give you a clear control over it.
Retention and controls: your account details (email, name, and identifier) are kept through Firebase Authentication for as long as your account exists. On 1.4 and later, your synced record is kept in Cloud Firestore for as long as your account exists. You can sign out from the profile chip, which also stops sync. You can ask us to access or delete the account data tied to your sign-in by emailing the address in Section 14. Deleting your account also removes the synced record. Removing the app clears the on-device data.
Felt Weather requires Apple or Google sign-in, which collects your email, name, and an account identifier through Firebase Authentication. Your weather, calendar, location, and suggestions stay on your device. Starting with Felt Weather 1.4, the places, routes, plans, and app preferences you save sync to an owner-only Cloud Firestore record so your devices match, and deleting your account erases it. Widgets, Live Activity, and Apple Watch receive only a redacted day summary. Felt uses no third-party analytics and no tracking today, and nothing is sold. Coordinates go to Apple WeatherKit, place and route searches go to Apple Maps, optional Google Maps and Waze handoffs open only when you tap them, and read-only sky data comes from NOAA and NASA. You can sign out or delete your account, and each permission is off until you turn it on.
Pantry Kitchen Journal
Pantry Kitchen Journal ("Pantry") is made by TAKE INTEREST Inc. This section covers the Pantry iOS app. Your kitchen data stays yours.
On your device or your private iCloud: Pantry reads the grocery receipts you photograph or import and turns them into a kitchen inventory with shelf-life estimates and recipe options. All of that processing happens on your device using Apple's on-device text recognition. Your receipts, items, and consumption history never reach us or any third party. If your device is signed into iCloud, Pantry stores its data in your private iCloud database so your kitchen syncs across your own devices. That data is controlled by your Apple account and readable only by you. If iCloud is off, everything stays on your device.
Accounts are optional: you can use all of Pantry without an account. If you choose to sign in with Apple or Google, the app sends the provider sign-in token to a TAKE INTEREST verification service, which checks the token is genuine and sends back a confirmation. The token carries no kitchen data, and the service stores nothing. We receive your verified email address, and your name if the provider shares it. Your account record lives on your device in the iOS Keychain. It never enters iCloud Keychain and it never reaches our servers. You can sign out or delete your account inside the app at any time (Account then Delete account).
What we collect: we do not collect your receipts, pantry items, recipes, consumption history, grocery habits, or household content. If you sign in, we process your verified email address and optional name only for account sign-in.
Diagnostics (on by default, one tap to turn off): two helpers are on by default so we can fix crashes and see which features help. Crash reports (Sentry) send a technical stack trace when the app crashes. Usage analytics (Mixpanel) counts a short, fixed list of actions, such as receipt captured or recipe generated. Diagnostics do not include receipt text, item names, recipe content, email addresses, names, household names, location, advertising identifiers, or IP-based geolocation. Events outside the fixed list are dropped before they leave the device. You can turn either off any time from your Profile page or Settings then Privacy choices, and your choice sticks.
Deleting your data: delete items in the app any time, or delete your account inside the app (Account then Delete account). Deleting the app removes its on-device data. To remove synced data, delete Pantry's data from iCloud in Settings on your device.
Pantry keeps kitchen content on your device or in your own private iCloud. Optional Apple or Google sign-in processes a verified email address and optional name for account access. Crash reporting and Mixpanel usage analytics are on by default when configured, with in-app switches to turn either off. Current diagnostics do not send receipt text, pantry items, recipes, grocery history, household names, email addresses, names, location, advertising identifiers, or IP-based geolocation. If a future release adds advertising, tracking, additional analytics, or other data uses, this policy and the App Store privacy label must be updated before that release ships.
GuardClaw
GuardClaw is the runtime security system for AI agents made by TAKE INTEREST Inc. This section covers GuardClaw local runtime behavior (CLI, shell wrapper, MCP server) and optional GuardClaw Cloud features (account, billing, usage, receipts, agent management, and environment management). TAKE INTEREST Inc. is the data controller for data collected through GuardClaw cloud services. For customer personal data processed on behalf of your organization, we act as a data processor, and a Data Processing Addendum is available on request at legal@takeinterest.ai.
Account and billing data: email, display name, tenant and workspace identifiers, plus Stripe customer and subscription identifiers and billing events. We do not store payment card numbers, which are handled entirely by Stripe.
Usage, audit, and agent data: decision counts, usage events, receipt metadata, and receipt content hashes. When agent management is enabled, we collect agent identifiers, hostname, operating system, software version, process identifiers, agent state, heartbeat timestamps, CPU and memory usage metrics, runtime duration, failure counts, anomaly scores, and anomaly detection levels. Agent control records include actor user identifiers, actor IP addresses, actions taken, reasons, and acknowledgment timestamps. Environment data covers environment names, status, runtime type, risk scores, agent counts, and security event counts.
Anonymous telemetry (opt-out): the GuardClaw CLI collects anonymous telemetry by default, including decision counts, threat scores, timing, platform, and version. Prompts, commands, file paths, and personal identifiers are excluded. You can disable it at any time with the command guardclaw telemetry disable.
Training data: free tier usage is included in anonymized training data as a condition of the free service, using only anonymized, aggregated detection telemetry with no raw prompts, commands, or PII. On paid plans (Pro and Ultimate), training data collection is consent-based and you may opt out at any time via account settings or the command guardclaw training disable.
Retention and deletion: decision receipts and agent monitoring data are stored indefinitely. Access is limited by plan: Free (1,000 most recent viewable receipts per workspace), Pro (100,000), Ultimate (500,000). Plan quotas limit how many receipts are accessible. They do not limit how many are stored. Account deletion marks the tenant status as deleted, cancels any active subscriptions, and initiates cleanup of account and billing data. Billing records may persist in Stripe per their privacy policy.
Subprocessors: Google Cloud and Firebase (auth, storage, infrastructure), Stripe (billing), Mixpanel (anonymous product analytics on the dashboard, no PII, IP tracking disabled), and Sentry (error and crash reporting, stack traces only, no PII), all in the United States. To exercise your rights for GuardClaw data, contact legal@takeinterest.ai or use the account management features in the dashboard.
3. Information We Collect
3.1 Information You Provide
Account Information: When you create an account, we collect your email address and authentication credentials. Authentication may use Firebase Authentication (Google Identity Platform) or equivalent managed identity services. Multi-factor authentication may be required for specific environments.
User-Generated Content: Content you create within our Services, including decision drafts, strategies, evidence notes, frameworks, and other workspace content. We treat all user-generated content as highly sensitive and private.
Contact Information: When you contact us via our contact form, we collect your name, email address, subject, and message content. The form uses Cloudflare Turnstile for bot verification, which may process your IP address and browser signals to validate the challenge. See Section 7 for details.
3.2 Information Collected Automatically
GuardClaw Telemetry (opt-out): The GuardClaw CLI collects anonymous telemetry by default, including decision counts, threat scores, timing data, platform, and version. Prompts, commands, file paths, and personal identifiers are excluded from this telemetry. You can disable telemetry at any time with guardclaw telemetry disable.
Dashboard Analytics: We use Mixpanel for anonymous product analytics on the GuardClaw dashboard and related product surfaces. IP tracking is disabled. We use these events to understand feature use, reliability, onboarding, and product demand.
Error Diagnostics: We use Sentry for error reporting with heavy redaction. Default PII sending is disabled. Trace sampling is set to zero. Only diagnostics needed for product stability are collected.
Server Logs: Standard server access logs are collected for security and operational purposes. These logs do not contain user-generated content.
GuardClaw Agent Data: When agent management features are enabled, we collect agent identifiers, hostname, operating system, software version, heartbeat timestamps, CPU and memory usage metrics, runtime duration, anomaly scores, and agent control event logs (including actor IP addresses for audit purposes).
3.3 Advertising and Data Sales
Our free tier may collect usage data to fund the product and improve the Services. Our monetization approach stays open, including optional advertising and consent-based data revenue, but it must be transparent and controlled by the user. We do not run covert surveillance. If we add advertising cookies, outside ad networks, or a sale or sharing of personal information as defined by state law, we will disclose it, ask for consent where required, and provide a clear opt-out before using that data for those purposes. Every user, free or paid, can turn off product usage data collection and consent-based monetization data. A paid tier that collects no product usage analytics stays available as a product choice. Some account, payment, security, and legal records may still be processed when needed to operate the Services, prevent abuse, complete transactions, or meet legal duties.
3.4 Model Training: What We Do Not Do
We do not use your User Content, decision drafts, strategies, or any user-generated material to train machine learning models. This applies to our own models and to any third-party models (including Claude, Gemini, and the embedding models used by the Services). We set the user_data_not_for_training flag on provider API calls where the provider supports it, and we maintain a policy-level commitment for providers where the flag is not exposed. De-identified, aggregated usage signals (e.g., anonymous feature counts) may be used to improve the Services themselves. Those aggregates do not include User Content and are not sent to a model for training. If we ever change this, we will ask for your explicit, opt-in consent first, and you can decline and keep using the Services. This commitment is part of our published data philosophy, eight "never do" rules enforced in code where possible. Contact privacy@takeinterest.ai for the current version of the policy.
4. How We Use Your Information
We use your information to:
Provide, maintain, and improve our Services. Authenticate your identity and enforce access controls. Communicate with you about your account or our Services. Respond to your inquiries and support requests. Detect, prevent, and address security threats and abuse. Measure usage on the free tier to support product funding and product decisions. Improve our systems in ways that honor the model-training limits in Section 3.4. Comply with legal obligations.
5. Data Storage and Security
Infrastructure: All data is stored on Google Cloud Platform (GCP) in the United States. Data is encrypted at rest using Google-managed encryption and in transit using TLS 1.2+.
Sensitive Data Encryption: OAuth tokens and other highly sensitive credentials are encrypted using managed cryptographic controls and secure secret storage.
Access Controls: Backend services use dedicated service accounts with least-privilege permissions. User access controls may include allowlisting, MFA requirements, and server-side token verification where applicable.
Edge Protection: Public endpoints use edge protections such as rate limiting and request filtering to reduce abuse risk.
6. Data Retention
Account Data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
User-Generated Content: Retained for the duration of your account. You may export or delete your content at any time.
GuardClaw Audit Data: All decision receipts are stored indefinitely. Access is limited by plan: Free (1,000 most recent receipts per workspace), Pro (100,000), Ultimate (500,000). Usage events are retained for operational purposes.
Server Logs: Retained for up to 90 days for security and operational purposes.
Contact Form Submissions: Retained for up to 180 days or until the inquiry is resolved, whichever comes first. Submissions are automatically deleted after the retention period.
7. Third-Party Services
We use the following third-party services as part of our infrastructure:
Google Cloud Platform: Cloud infrastructure, hosting, and authentication. Subject to Google Cloud's Data Processing Terms.
Firebase: Authentication and web hosting. Subject to Firebase Terms of Service.
Stripe: Payment processing (when enabled). Subject to Stripe's Privacy Policy. We do not store credit card numbers on our servers.
Cloudflare: DNS, edge network, and bot verification (Turnstile) for the contact form. Turnstile processes IP addresses and browser signals to distinguish humans from bots. Subject to Cloudflare's Privacy Policy.
Sentry: Error monitoring with heavily redacted data. Default PII sending is off.
Mixpanel: Product analytics for the GuardClaw dashboard and Pantry diagnostic counts. IP tracking is disabled. Pantry sends only allowlisted event names and non-content properties, with no receipt text, pantry items, names, email addresses, household names, or location.
Apple and Google: Optional Pantry sign-in providers. Pantry receives the verified account information the provider returns, such as email address and, when shared, name.
We do not share user-generated content with any third-party service for their independent use. For our own model training and system improvement, see Section 3.4.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate personal information.
Deletion: Request deletion of your personal information and account.
Export: Request an export of your data in a portable format.
Restriction: Request restriction of processing of your personal information.
Objection: Object to processing of your personal information.
Opt Out: Turn off product usage analytics and opt out of any sale or sharing of personal information where state law provides that right.
Cancel: Cancel a paid subscription or paid tier as described in the product or billing flow.
To exercise any of these rights, contact us at privacy@takeinterest.ai. We will respond within 30 days.
9. International Data Transfers
Our Services are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States. We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws.
10. Children's Privacy
Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
11. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, correct inaccurate information, opt out of sale or sharing, limit certain sensitive data uses where applicable, cancel paid subscriptions as required by law, and not be discriminated against for exercising your privacy rights. If we add advertising or consent-based data revenue that counts as sale or sharing under California law, we will provide the required notice and opt-out control.
12. European Privacy Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal basis for processing your personal information is: contractual necessity (to provide our Services), legitimate interests (security, fraud prevention, service improvement), consent (where required), and legal obligation (compliance with applicable laws). You have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after the effective date of changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
TAKE INTEREST Inc.
Email: privacy@takeinterest.ai